[refpolicy] Devices file differences in Fedora

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] Devices file differences in Fedora - resend with patch
@ 2011-02-08 22:31 Daniel J Walsh
  0 siblings, 0 replies; only message in thread
From: Daniel J Walsh @ 2011-02-08 22:31 UTC (permalink / raw
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Add label for /dev/crash
printk device does not exist

Add labels for /dev/mqueue, /lib/udev/devices/, /sys
Fedora has same labels as gentoo, remove ifdef

Add interfaces for

dev_read_generic_files
+dev_read_generic_files(mdadm_t)
+dev_read_generic_files(systemd_passwd_agent_t)

dev_relabelfrom_generic_chr_files
+	dev_relabelfrom_generic_chr_files(init_t)   -  systemd needs this

dev_read_generic_chr_files
+	dev_read_generic_chr_files(init_t)  - systemd

dev_rw_generic_blk_files

+	dev_rw_generic_blk_files(mount_t)

dev_read_generic_symlinks
+	dev_read_generic_symlinks(virt_domain)

dev_rw_all_inherited_chr_files
dev_rw_all_inherited_blk_files
+	dev_rw_all_inherited_chr_files(sandbox_domain)  -- sandbox
+	dev_rw_all_inherited_blk_files(sandbox_domain)  -- sandbox

dev_relabel_autofs_dev
+	dev_relabel_autofs_dev(init_t)  - systemd

dev_read_crash                          - No user yet

dev_dontaudit_read_kmsg
+	dev_dontaudit_read_kmsg(initrc_t)
dev_associate_sysfs
+	dev_associate_sysfs(cgroup_t)     - cgroups
+	dev_associate_sysfs($1_image_t)   - svirt/libvirt needs this

dev_manage_sysfs_dirs			- systemd
+	dev_manage_sysfs_dirs(init_t)

dev_write_usbmon_dev
+		dev_write_usbmon_dev(netutils_t)

unconfined domains have to be able to create device_node lnk files.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1RxEYACgkQrlYvE4MpobMghwCg10TClwqwEXzHQ8CGPxzVA5Fb
Qg4AoKYf01Bqb0+80sRaUB/HbR+hJDGj
=052B
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: devices.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20110208/98f4fc84/attachment.pl 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: devices.patch.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110208/98f4fc84/attachment.bin 

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2011-02-08 22:31 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-08 22:31 [refpolicy] Devices file differences in Fedora - resend with patch Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.